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DETAILED ACTION 

Response to Amendment 

1. Applicant's amendment filed 05 June 2009 amends claims 1,7, 12, and 45. Claims 46 
and 47 have been added. Applicant's amendment has been fully considered and entered. 

Response to Arguments 

2. Applicant argues, "The combination of Xie and Chelsa does not teach or suggest 
determining a frequency with which messages having an attribute were rejected by a rejection 
rule based on the attribute. . .Chelsa's timing and frequency properties are only attributes of 
Chelsa's arriving data packets that were not rejected by rejection rules" This argument is not 
persuasive because Chelsa discloses measuring the frequency with which data packets having a 
given parameter characteristic are blocked, and this measurement is compared against an 
expected value to determine if the blocking parameter needs to be modified ([0032]). 

3. Applicant argues, "the combination of Xie and Chelsa also does not teach or suggest that 
the same attribute of the message is used for both the rejection rule and the exception rule." This 
argument is not persuasive because Chelsa discloses that the data packets are blocked based upon 
a given parameter characteristic ([0032]). 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 
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5. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 
(1966), that are applied for establishing a background for determining obviousness under 35 
U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating obviousness 
or nonobviousness. 

6. Claims 1, 4-6, 16-21, 31, 32, 35-37, 44-45 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Xie, U.S. Patent No. 6,772,347, in view of Chelsa, U.S. Publication No. 
2004/0250124. Referring to claims 1,17, 32, 45, Xie discloses a computer network firewall 
wherein initially denied packets are additionally filtered dynamically (Col. 5, lines 45-50 & 
Figure 6), which meets the limitation of receiving, by a security gateway, a first message, 
rejecting, by a message filter of the security gateway, the first message based on a rejection rule, 
determining, for the first message by a learning engine of the security gateway, an attribute that 
triggered the rejection rule. The dynamic filter, filters the initially denied packets using an 
additional set of rules, which are dynamically generated (Col. 5, lines 50-52), which meets the 
limitation of generating, by the learning engine, an exception rule to the rejection rule which 
rejected the messages with the attribute. The initially rejected packets, and later packets, can be 
allowed based on the newly generated rules used by the dynamic filter (Col. 5, lines 63-66), 
which meets the limitation of receiving, by the security gateway, a second message having the 
attribute, and allowing, by an adaptive filter of the security gateway, the second message, 
responsive to the exception rule. Xie does not disclose dynamically generated rules when it is 
determined that packet denial is greater than a desired threshold amount. Chelsa discloses 
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maintaining a frequency for the number of occurances with which messages were rejected 
([0017]), which meets the limitation of incrementing, by the learning engine for the attribute, a 
count of the number of messages rejected based on the attribute, based on the count for the 
attribute, determining, by the learning engine, a frequency with which messages having the 
attribute were rejected based on the rejection rule. It would have been obvious to one of ordinary 
skill in the art to dynamically generate exceptions for the dynamic filter of Xie based on a 
desired amount of allowable packets in order to minimize the blocking of legitimate traffic as 
taught be Chelsa ([0017]). 

Referring to claims 4, 19, 35, Xic discloses that the dynamic filter generates rules using 
criteria such as port number and IP address, which are extracted from incoming packets (Col. 5, 
lines 52-55), which meets the limitations of the attribute is one of a message component, a value. 

Referring to claims 5, 6, 20, 21, 36, 37, Xie discloses that the packets are initially denied 
based on counter rules that increment the count until a threshold is exceeded (Col. 5, lines 10- 
15), which meets the limitation of the frequency is a weighted/direct count of occurrences of the 
attribute. 

Referring to claims 16, 31, 44, Xie discloses that the packets are initially denied based on 
counter rules that increment the count until a threshold is exceeded (Col. 5, lines 10-15). The 
dynamic filter, filters the initially denied packets using an additional set of rules, which are 
dynamically generated (Col. 5, lines 50-52). Xie does not disclose dynamically generated rules 
when it is determined that packet denial is greater than a desired threshold amount. It would have 
been obvious to one of ordinary skill in the art to dynamically generate exceptions for the 
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dynamic filter of Xie based on a desired amount of allowable packets in order to minimize the 
blocking of legitimate traffic as taught be Chelsa ([0017]). 

7. Claims 7-15, 22-30, 38-43 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Xie, U.S. Patent No. 6,772,347, in view of Chelsa, U.S. Publication No. 2004/0250124, and 
further in view of Balasubramanian, U.S. Publication No. 2005/0086206. Referring to claims 7, 

8, 12, 13, 22, 26, 27, 30, 38, 39, 41, 42, Xie discloses filtering packets using rules based on port 
number and IP address (Col. 5, lines 58-60). The rules can be stored in a memory (Col. 4, lines 
5-8), which meets the limitation of a trie structure, wherein each node in the trie is associated 
with a component. Xie does not specify filtering based on URLs and URL descendants. 
Balasubramanian discloses a rule based filtering system where URL requests are filtered at the 
domain and IP address level, based on rules, to allow/deny traffic for all domains beginning with 
identified IP address information ([0056] & [0065]-[0067]), which meets the limitation of 
maintaining, by the learning engine, a frequency for each instance of a URL component, wherein 
the frequency is a function of a number of occurances with which a URL component and its 
descendants were rejected by a rule, selecting, by the learning engine, a URL component 
according to a set of constraints, and generating, by the learning engine, an exception rule for the 
selected URL component and its descendants, the exception rule is generated by inferencing a 
scalar data type of the descendants of the selected URL component. It would have been obvious 
to one of ordinary skill in the art at the time the invention was made to dynamically filter the 
packets of Xie using domain and IP address rules, as taught in Balasubramanian, in order to 
control access to specific areas in web space as taught by Balasubramanian (0016]). 
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Referring to claims 9-11, 14, 15, 23-25, 28, 29, 40, 43, Xie discloses that the packets are initially 
denied based on counter rules that increment the count until a threshold is exceeded (Col. 5, lines 
10-15), which meets the limitation of constraints selected with a frequency exceeding a threshold 
and having no children with a frequency above the threshold. Xie discloses filtering packets 
using rules based on port number and IP address (Col. 5, lines 58-60), but does not specify 
filtering based on URLs and URL descendants. Balasubramanian discloses a rule based filtering 
system where URL requests are filtered at the domain and IP address level, based on rules, to 
allow/deny traffic for all domains beginning with identified IP address information ([0056] & 
[0065]-[0067]), which meets the limitation of the function is an aggregate of a number of 
occurances with which the URL component was rejected by a rule and the number of 
occurrences with which descendants of the URL component were rejected by the rule. It would 
have been obvious to one of ordinary skill in the art at the time the invention was made to 
dynamically filter the packets of Xie using domain and IP address rules, as taught in 
Balasubramanian, in order to control access to specific areas in web space as taught by 
Balasubramanian ([0016]). 

Allowable Subject Matter 

8. Claims 46-47 are objected to as being dependent upon a rejected base claim, but would 
be allowable if rewritten in independent form including all of the limitations of the base claim 
and any intervening claims. 

9. The following is a statement of reasons for the indication of allowable subject matter: 
The prior art does not disclose or make obvious generating exception rules to rejection rules 
respective to message comprising a cookie session identifier or messages that include a field 
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attribute indicating that one of the password field or the user login field exceeds a predetermined 
number of characters. The exception rule is generated based upon a counter the measures the 
number of received messages, which include the identifier or field attribute indicator, that have 
been rejected based upon a rejection rule. If the counter exceeds a predetermined threshold in a 
certain amount of time, the exception rule is generated such that future message including the 
identifier or field attribute indicator will be allowed. 

Conclusion 

10. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

1 1 . Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to BENJAMIN E. LANIER whose telephone number is (571)272- 
3805. The examiner can normally be reached on M-Th 7:00am-5:30pm. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Benjamin E Lanier/ 

Primary Examiner, Art Unit 2432 



